Browse Source

Execute service setup against a delegated host using Ansible built-in modules

In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.

The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.

With the dependent patches, the openstack_openrc role is now executed once
on the designated host, so it is no longer required as a meta-dependency for
the role.

Depends-On: https://review.openstack.org/579233
Depends-On: https://review.openstack.org/579959
Change-Id: I4131312eea8c743e7803ccc622b7642c6082a4c8
Jesse Pretorius 9 months ago
parent
commit
a8a34fe719

+ 5
- 7
defaults/main.yml View File

@@ -17,6 +17,11 @@
17 17
 # Only create Gnocchi's identity entities in Keystone
18 18
 gnocchi_identity_only: False
19 19
 
20
+# Set the host which will execute the shade modules
21
+# for the service setup. The host must already have
22
+# clouds.yaml properly configured.
23
+gnocchi_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
24
+
20 25
 #: Enable for debug logging level
21 26
 debug: false
22 27
 
@@ -71,7 +76,6 @@ gnocchi_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all
71 76
 gnocchi_galera_address: "{{ galera_address | default('127.0.0.1') }}"
72 77
 gnocchi_galera_database: gnocchi
73 78
 gnocchi_galera_user: gnocchi
74
-gnocchi_galera_address: "{{ galera_address }}"
75 79
 gnocchi_db_sync_options: ""
76 80
 gnocchi_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
77 81
 gnocchi_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
@@ -159,12 +163,6 @@ gnocchi_services:
159 163
     service_enabled: true
160 164
     init_config_overrides: "{{ gnocchi_metricd_init_overrides }}"
161 165
 
162
-#: Gnocchi packages that must be installed before anything else
163
-gnocchi_requires_pip_packages:
164
-  - virtualenv
165
-  - python-keystoneclient # Keystoneclient needed for OSA keystone lib
166
-  - httplib2 # so we can use the uri module
167
-
168 166
 #: Common pip packages
169 167
 gnocchi_pip_packages:
170 168
   - cryptography

+ 0
- 1
meta/main.yml View File

@@ -39,6 +39,5 @@ dependencies:
39 39
     when:
40 40
       - ansible_pkg_mgr == 'apt'
41 41
   - galera_client
42
-  - openstack_openrc
43 42
 # Extra dependency not installable this way
44 43
 #  git clone https://git.openstack.org/openstack/openstack-ansible-plugins {homedir}/.ansible/plugins

+ 17
- 0
releasenotes/notes/gnocchi-service-setup-host-ef418b0e709ae796.yaml View File

@@ -0,0 +1,17 @@
1
+---
2
+features:
3
+  - |
4
+    The service setup in keystone for gnocchi will now be executed
5
+    through delegation to the ``gnocchi_service_setup_host`` which,
6
+    by default, is ``localhost`` (the deploy host). Deployers can
7
+    opt to rather change this to the utility container by implementing
8
+    the following override in ``user_variables.yml``.
9
+
10
+    .. code-block:: yaml
11
+
12
+      gnocchi_service_setup_host: "{{ groups['utility_all'][0] }}"
13
+
14
+deprecations:
15
+  - |
16
+    The variable ``gnocchi_requires_pip_packages`` is no longer required
17
+    and has therefore been removed.

+ 51
- 49
tasks/gnocchi_identity_setup.yml View File

@@ -16,54 +16,56 @@
16 16
 # Create the project if needed, assumed to be in default domain.
17 17
 # In many cases this will be present but under some circumstances the project
18 18
 # may be unique to Gnocchi, esp. when Swift is used for storage.
19
-- name: Ensure Gnocchi project
20
-  keystone:
21
-    command: ensure_project
22
-    project_name: "{{ gnocchi_service_project_name }}"
23
-    endpoint: "{{ keystone_service_adminurl }}"
24
-    login_user: "{{ keystone_admin_user_name }}"
25
-    login_password: "{{ keystone_auth_admin_password }}"
26
-    login_project_name: "{{ keystone_admin_tenant_name }}"
27
-    description: "{{ gnocchi_service_project_description }}"
28
-    insecure: "{{ keystone_service_adminuri_insecure }}"
29
-  register: add_project
30
-  until: add_project|success
31
-  retries: 5
32
-  delay: 10
33
-  no_log: True
19
+# We set the python interpreter to the ansible runtime venv if
20
+# the delegation is to localhost so that we get access to the
21
+# appropriate python libraries in that venv. If the delegation
22
+# is to another host, we assume that it is accessible by the
23
+# system python instead.
24
+- name: Setup the service
25
+  delegate_to: "{{ gnocchi_service_setup_host }}"
26
+  vars:
27
+    ansible_python_interpreter: >-
28
+      {{ (gnocchi_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
29
+  block:
30
+    - name: Add service project
31
+      os_project:
32
+        cloud: default
33
+        state: present
34
+        name: "{{ gnocchi_service_project_name }}"
35
+        domain_id: "{{ gnocchi_service_project_domain_id }}"
36
+        endpoint_type: admin
37
+        verify: "{{ not keystone_service_adminuri_insecure }}"
38
+      register: add_service
39
+      until: add_service is success
40
+      retries: 5
41
+      delay: 10
34 42
 
35
-# Create an admin user
36
-- name: Ensure Gnocchi user
37
-  keystone:
38
-    command: "ensure_user"
39
-    endpoint: "{{ keystone_service_adminurl }}"
40
-    login_user: "{{ keystone_admin_user_name }}"
41
-    login_password: "{{ keystone_auth_admin_password }}"
42
-    login_project_name: "{{ keystone_admin_tenant_name }}"
43
-    user_name: "{{ gnocchi_service_user_name }}"
44
-    tenant_name: "{{ gnocchi_service_project_name }}"
45
-    password: "{{ gnocchi_service_password }}"
46
-    insecure: "{{ keystone_service_adminuri_insecure }}"
47
-  register: add_user
48
-  until: add_user|success
49
-  retries: 5
50
-  delay: 10
51
-  no_log: True
43
+    - name: Add service user
44
+      os_user:
45
+        cloud: default
46
+        state: present
47
+        name: "{{ gnocchi_service_user_name }}"
48
+        password: "{{ gnocchi_service_password }}"
49
+        domain: default
50
+        default_project: "{{ gnocchi_service_project_name }}"
51
+        endpoint_type: admin
52
+        verify: "{{ not keystone_service_adminuri_insecure }}"
53
+      register: add_service
54
+      until: add_service is success
55
+      retries: 5
56
+      delay: 10
57
+      no_log: True
52 58
 
53
-# Add a role to the user
54
-- name: Ensure Gnocchi user maps to admin role
55
-  keystone:
56
-    command: "ensure_user_role"
57
-    endpoint: "{{ keystone_service_adminurl }}"
58
-    login_user: "{{ keystone_admin_user_name }}"
59
-    login_password: "{{ keystone_auth_admin_password }}"
60
-    login_project_name: "{{ keystone_admin_tenant_name }}"
61
-    user_name: "{{ gnocchi_service_user_name }}"
62
-    tenant_name: "{{ gnocchi_service_project_name }}"
63
-    role_name: "{{ gnocchi_role_name }}"
64
-    insecure: "{{ keystone_service_adminuri_insecure }}"
65
-  register: add_admin_role
66
-  until: add_admin_role|success
67
-  retries: 5
68
-  delay: 10
69
-  no_log: True
59
+    - name: Add service user to admin role
60
+      os_user_role:
61
+        cloud: default
62
+        state: present
63
+        user: "{{ gnocchi_service_user_name }}"
64
+        role: "{{ gnocchi_role_name }}"
65
+        project: "{{ gnocchi_service_project_name }}"
66
+        endpoint_type: admin
67
+        verify: "{{ not keystone_service_adminuri_insecure }}"
68
+      register: add_service
69
+      until: add_service is success
70
+      retries: 5
71
+      delay: 10

+ 0
- 13
tasks/gnocchi_install.yml View File

@@ -33,19 +33,6 @@
33 33
       {% endfor %}
34 34
   when: gnocchi_developer_mode | bool
35 35
 
36
-- name: Install required pip packages
37
-  pip:
38
-    name: "{{ gnocchi_requires_pip_packages }}"
39
-    state: "{{ gnocchi_pip_package_state }}"
40
-    extra_args: >-
41
-      {{ gnocchi_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
42
-      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
43
-      {{ pip_install_options | default('') }}
44
-  register: install_packages
45
-  until: install_packages|success
46
-  retries: 5
47
-  delay: 2
48
-
49 36
 - name: Retrieve checksum for venv download
50 37
   uri:
51 38
     url: "{{ gnocchi_venv_download_url | replace('tgz', 'checksum') }}"

+ 45
- 41
tasks/gnocchi_service_setup.yml View File

@@ -13,45 +13,49 @@
13 13
 # See the License for the specific language governing permissions and
14 14
 # limitations under the License.
15 15
 
16
-# Create a service
17
-- name: Ensure Gnocchi service
18
-  keystone:
19
-    command: "ensure_service"
20
-    endpoint: "{{ keystone_service_adminurl }}"
21
-    login_user: "{{ keystone_admin_user_name }}"
22
-    login_password: "{{ keystone_auth_admin_password }}"
23
-    login_project_name: "{{ keystone_admin_tenant_name }}"
24
-    service_name: "{{ gnocchi_service_name }}"
25
-    service_type: "{{ gnocchi_service_type }}"
26
-    description: "{{ gnocchi_service_description }}"
27
-    insecure: "{{ keystone_service_adminuri_insecure }}"
28
-  register: add_service
29
-  until: add_service|success
30
-  retries: 5
31
-  delay: 2
32
-  no_log: True
16
+# We set the python interpreter to the ansible runtime venv if
17
+# the delegation is to localhost so that we get access to the
18
+# appropriate python libraries in that venv. If the delegation
19
+# is to another host, we assume that it is accessible by the
20
+# system python instead.
21
+- name: Setup the service
22
+  delegate_to: "{{ gnocchi_service_setup_host }}"
23
+  vars:
24
+    ansible_python_interpreter: >-
25
+      {{ (gnocchi_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
26
+  block:
27
+    - name: Add service to the keystone service catalog
28
+      os_keystone_service:
29
+        cloud: default
30
+        state: present
31
+        name: "{{ gnocchi_service_name }}"
32
+        service_type: "{{ gnocchi_service_type }}"
33
+        description: "{{ gnocchi_service_description }}"
34
+        endpoint_type: admin
35
+        verify: "{{ not keystone_service_adminuri_insecure }}"
36
+      register: add_service
37
+      until: add_service is success
38
+      retries: 5
39
+      delay: 10
33 40
 
34
-# Create an endpoint
35
-- name: Ensure Gnocchi endpoint
36
-  keystone:
37
-    command: "ensure_endpoint"
38
-    endpoint: "{{ keystone_service_adminurl }}"
39
-    login_user: "{{ keystone_admin_user_name }}"
40
-    login_password: "{{ keystone_auth_admin_password }}"
41
-    login_project_name: "{{ keystone_admin_tenant_name }}"
42
-    region_name: "{{ gnocchi_service_region }}"
43
-    service_name: "{{ gnocchi_service_name }}"
44
-    service_type: "{{ gnocchi_service_type }}"
45
-    insecure: "{{ keystone_service_adminuri_insecure }}"
46
-    endpoint_list:
47
-      - url: "{{ gnocchi_service_publicurl }}"
48
-        interface: "public"
49
-      - url: "{{ gnocchi_service_internalurl }}"
50
-        interface: "internal"
51
-      - url: "{{ gnocchi_service_adminurl }}"
52
-        interface: "admin"
53
-  register: add_endpoint
54
-  until: add_endpoint|success
55
-  retries: 5
56
-  delay: 10
57
-  no_log: True
41
+    - name: Add endpoints to keystone endpoint catalog
42
+      os_keystone_endpoint:
43
+        cloud: default
44
+        state: present
45
+        service: "{{ gnocchi_service_name }}"
46
+        endpoint_interface: "{{ item.interface }}"
47
+        url: "{{ item.url }}"
48
+        region: "{{ gnocchi_service_region }}"
49
+        endpoint_type: admin
50
+        verify: "{{ not keystone_service_adminuri_insecure }}"
51
+      register: add_service
52
+      until: add_service is success
53
+      retries: 5
54
+      delay: 10
55
+      with_items:
56
+        - interface: "public"
57
+          url: "{{ gnocchi_service_publicurl }}"
58
+        - interface: "internal"
59
+          url: "{{ gnocchi_service_internalurl }}"
60
+        - interface: "admin"
61
+          url: "{{ gnocchi_service_adminurl }}"

+ 0
- 2
tests/host_vars/localhost.yml View File

@@ -15,5 +15,3 @@
15 15
 
16 16
 bridges:
17 17
   - "br-mgmt"
18
-
19
-ansible_python_interpreter: "/usr/bin/python2"

+ 26
- 29
tests/test-gnocchi-functional.yml View File

@@ -16,47 +16,44 @@
16 16
 # Very basic testing using examples from http://gnocchi.xyz/rest.html
17 17
 
18 18
 - name: Playbook for functional testing of gnocchi
19
-  hosts: gnocchi_all
20
-  user: root
19
+  hosts: localhost
20
+  connection: local
21 21
   gather_facts: false
22 22
   vars:
23
-      gnocchi_api: "http://localhost:{{ gnocchi_service_port }}"
23
+    ansible_python_interpreter: "{{ ansible_playbook_python }}"
24
+  vars_files:
25
+    - common/test-vars.yml
24 26
   tasks:
25
-    - name: Install openstackclient
26
-      pip:
27
-        name: "python-openstackclient"
28
-        extra_args: >-
29
-          {{ gnocchi_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
30
-          {{ pip_install_options | default('') }}
31
-
32 27
     - name: Check the gnocchi-api
33 28
       uri:
34
-        url: "{{ gnocchi_api }}"
29
+        url: "{{ gnocchi_service_internaluri }}"
35 30
         status_code: 200,300
36 31
 
37 32
     - name: Validate that auth is required
38 33
       uri:
39
-        url: "{{ gnocchi_api }}/v1/status"
34
+        url: "{{ gnocchi_service_internaluri }}/v1/status"
40 35
         status_code: 401
41 36
 
42
-    - name: Get auth token
43
-      shell: >
44
-        . /root/openrc && openstack token issue --format yaml | awk '/^id\:/ {print $2}'
45
-      register: get_keystone_token
46
-      changed_when: false
47
-
48
-    - name: set token
49
-      set_fact:
50
-        keystone_token: "{{ get_keystone_token.stdout }}"
37
+    - name: Authenticate to the cloud and retrieve the service catalog
38
+      os_auth:
39
+        cloud: "default"
40
+        region_name: "{{ keystone_service_region }}"
41
+      # TODO(odyssey4me):
42
+      # Restore this once debugging is complete.
43
+      #no_log: true
44
+      register: _auth
45
+      until: (_auth | success) and (auth_token is defined)
46
+      retries: 5
47
+      delay: 10
51 48
 
52 49
     - name: Create a metric
53 50
       uri:
54
-        url: "{{ gnocchi_api }}/v1/metric"
51
+        url: "{{ gnocchi_service_internaluri }}/v1/metric"
55 52
         method: POST
56 53
         body: '{ "archive_policy_name": "high" }'
57 54
         headers:
58 55
           Content-Type: "application/json"
59
-          X-Auth-Token: "{{ keystone_token }}"
56
+          X-Auth-Token: "{{ auth_token }}"
60 57
         return_content: True
61 58
         status_code: 201
62 59
       register: metric_create
@@ -66,22 +63,22 @@
66 63
 
67 64
     - name: Add measures
68 65
       uri:
69
-        url: "{{ gnocchi_api }}/v1/metric/{{ metric_create.json.id }}/measures"
66
+        url: "{{ gnocchi_service_internaluri }}/v1/metric/{{ metric_create.json.id }}/measures"
70 67
         method: POST
71 68
         body: '[ { "timestamp": "2014-10-06T14:33:57", "value": 43.1 }, { "timestamp": "2014-10-06T14:34:12", "value": 12 }, { "timestamp": "2014-10-06T14:34:20", "value": 2 } ]'
72 69
         headers:
73 70
           Content-Type: "application/json"
74
-          X-Auth-Token: "{{ keystone_token }}"
71
+          X-Auth-Token: "{{ auth_token }}"
75 72
         return_content: True
76 73
         status_code: 202
77 74
 
78 75
     - name: Retrieve the measures
79 76
       uri:
80
-        url: "{{ gnocchi_api }}/v1/metric/{{ metric_create.json.id }}/measures?refresh=true"
77
+        url: "{{ gnocchi_service_internaluri }}/v1/metric/{{ metric_create.json.id }}/measures?refresh=true"
81 78
         method: GET
82 79
         headers:
83 80
           Content-Type: "application/json"
84
-          X-Auth-Token: "{{ keystone_token }}"
81
+          X-Auth-Token: "{{ auth_token }}"
85 82
         return_content: True
86 83
         status_code: 200
87 84
       register: measures_retrieval
@@ -96,11 +93,11 @@
96 93
 
97 94
     - name: Retrieve the archive policies
98 95
       uri:
99
-        url: "{{ gnocchi_api }}/v1/archive_policy"
96
+        url: "{{ gnocchi_service_internaluri }}/v1/archive_policy"
100 97
         method: GET
101 98
         headers:
102 99
           Content-Type: "application/json"
103
-          X-Auth-Token: "{{ keystone_token }}"
100
+          X-Auth-Token: "{{ auth_token }}"
104 101
         return_content: True
105 102
         status_code: 200
106 103
       register: policies_retrieval

+ 2
- 2
tests/test-install-gnocchi.yml View File

@@ -17,11 +17,11 @@
17 17
   hosts: gnocchi_all
18 18
   user: root
19 19
   gather_facts: true
20
+  vars_files:
21
+    - common/test-vars.yml
20 22
   pre_tasks:
21 23
     - include: common/create-grant-db.yml
22 24
       db_password: "{{ gnocchi_container_mysql_password }}"
23 25
       db_name: "gnocchi"
24 26
   roles:
25 27
     - role: "os_gnocchi"
26
-  vars_files:
27
-    - common/test-vars.yml

Loading…
Cancel
Save